diff options
| author | Meik Sievertsen <acydburn@phpbb.com> | 2008-10-06 14:04:33 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2008-10-06 14:04:33 +0000 |
| commit | d8bb3042105d930559801557163b6420aa164e16 (patch) | |
| tree | a1096628bb2ead1a34be0af15f013e8d309cd311 /phpBB/includes | |
| parent | b4d2641a595dcd25b52118793031e78f0e3b7da7 (diff) | |
| download | forums-d8bb3042105d930559801557163b6420aa164e16.tar forums-d8bb3042105d930559801557163b6420aa164e16.tar.gz forums-d8bb3042105d930559801557163b6420aa164e16.tar.bz2 forums-d8bb3042105d930559801557163b6420aa164e16.tar.xz forums-d8bb3042105d930559801557163b6420aa164e16.zip | |
Do not allow password reminders if u_passchg permission is not given. (Bug #14806)
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8977 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/ucp/ucp_remind.php | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php index 12de817099..6325bf89b6 100644 --- a/phpBB/includes/ucp/ucp_remind.php +++ b/phpBB/includes/ucp/ucp_remind.php @@ -36,7 +36,7 @@ class ucp_remind if ($submit) { - $sql = 'SELECT user_id, username, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason + $sql = 'SELECT user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason FROM ' . USERS_TABLE . " WHERE user_email = '" . $db->sql_escape($email) . "' AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; @@ -66,6 +66,15 @@ class ucp_remind } } + // Check users permissions + $auth2 = new auth(); + $auth2->acl($user_row); + + if (!$auth2->acl_get('u_chgpasswd')) + { + trigger_error('NO_AUTH_PASSWORD_REMINDER'); + } + $server_url = generate_board_url(); $key_len = 54 - strlen($server_url); |